From 9941a96feba4d4e8d793816194bc4ba1004ee620 Mon Sep 17 00:00:00 2001
From: Martin Dzibela
Date: Tue, 22 May 2018 14:13:20 +0200
Subject: [PATCH] Fix uncaught exception produced by unsigned token
---
 src/AuthorizationValidators/BearerTokenValidator.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/AuthorizationValidators/BearerTokenValidator.php b/src/AuthorizationValidators/BearerTokenValidator.php
index 6f299ce4..2efa3c8e 100644
--- a/src/AuthorizationValidators/BearerTokenValidator.php
+++ b/src/AuthorizationValidators/BearerTokenValidator.php
@@ -65,8 +65,12 @@ class BearerTokenValidator implements AuthorizationValidatorInterface
 try {
 // Attempt to parse and validate the JWT
 $token = (new Parser())->parse($jwt);
- if ($token->verify(new Sha256(), $this->publicKey->getKeyPath()) === false) {
- throw OAuthServerException::accessDenied('Access token could not be verified');
+ try {
+ if ($token->verify(new Sha256(), $this->publicKey->getKeyPath()) === false) {
+ throw OAuthServerException::accessDenied('Access token could not be verified');
+ }
+ } catch (\BadMethodCallException $exception) {
+ throw OAuthServerException::accessDenied('Access token is not signed');
 }

 // Ensure access token hasn't expired
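Review bot: The inner `catch (\BadMethodCallException $exception)` is the only thing that turns an unsigned token into an access-denied response, and it depends on the exception type the JWT library's `verify()` happens to throw for a token without a signature. The diffstat shows one file changed, so no test accompanies the fix; a regression test that submits a token with no signature and expects the access-denied error would keep a later library upgrade from quietly bringing back the uncaught exception. A comment on the catch such as `// verify() throws when the token carries no signature; deny rather than let it escape` would record why the clause exists. The caught `$exception` is discarded, so unless it is logged here the original cause will not be available when investigating rejected requests. The enclosing method and the outer `try`'s own catch clauses lie outside the hunk, so whether the nested `try` could instead be one more `catch` on the outer block cannot be judged from here.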